SiliconFlow Video Gen
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears aligned with its stated video-generation purpose, but it uses local execution and a SiliconFlow API key to submit paid provider requests.
Before installing, confirm you are comfortable giving the skill access to a SiliconFlow API key and allowing it to submit paid video-generation jobs. The behavior is disclosed and purpose-aligned, but using a limited-scope or low-balance provider key is prudent.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use your SiliconFlow account key to submit video-generation jobs and consume account credits.
The skill reads a provider credential from the environment or OpenClaw config. This is purpose-aligned and disclosed, but it is still account-level credential access.
api_key = os.environ.get("SILICONFLOW_API_KEY") ... config_path = os.path.expanduser("~/.openclaw/openclaw.json") ... api_key = siliconflow.get("apiKey")Use a dedicated SiliconFlow key with appropriate spending limits, and remove it from the environment or config when you no longer want the skill to access it.
When invoked, the skill can submit a paid generation job to SiliconFlow using your credentials.
The skill uses a local command to POST the prompt, optional image URL, and model to SiliconFlow. This matches the advertised purpose and does not use shell interpolation, but it is still an external action with possible billing impact.
curl_cmd = ["curl", "-s", "-X", "POST", f"{API_BASE_URL}/video/submit", ... "-d", json.dumps(data)]Invoke it only when you intend to create a video, and review the prompt, image URL, model, and provider pricing before use.
It may be harder to verify the publisher or compare the installed package with an upstream repository.
The registry metadata does not provide a verified upstream source or homepage. The included source code is available for review, so this is a provenance note rather than evidence of hidden behavior.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Review the included files before installing and prefer packages with clear source and homepage metadata when available.